Google spends $1 million on censorship and throttling detection

Google is paying Georgia Tech researchers to build consumer tools that can …

Google has awarded $1 million to Georgia Tech researchers so that they can develop simple tools to detect Internet throttling, government censorship, and other "transparency" problems.

That money will cover two years of work at Georgia Tech, with an additional $500,000 extension possible if Google wants an extra year of development. At the end of the project, the Georgia Tech team hopes to provide "a suite of Web-based, Internet-scale measurement tools that any user around the world could access for free. With the help of these tools, users could determine whether their ISPs are providing the kind of service customers are paying for, and whether the data they send and receive over their network connections is being tampered with by governments and/or ISPs."

Wenke Lee, a computer science professor at the school and one of the grant's principal investigators (along with the grant's author, computer science professor Nick Feamster), says that the work will create a "transparency ecosystem" on the 'Net.

"For example," he said, "say something happens again like what happened in Egypt recently, when the Internet was essentially shut down. If we have a community of Internet user-participants in that country, we will know instantly when a government or ISP starts to block traffic, tamper with search results, even alter Web-based information in order to spread propaganda." (The Tunisian government early this year added bits of code to Facebook login pages in order to capture user credentials, for instance.)

The team cares about more than computers, too; with the surge in mobile data connections, it plans to build tools for smartphone and tablet owners as well.

Google just needs to launch ISPs and Cell Networks. As much as I don't like the idea of them knowing everything that goes on, their attitute seems to beat the other mega-corps and governments running the internet.

Nuttr indeed. Are you a shill, or do you just have your head in the sand? Or maybe you're one of those pliable goofballs that only care about privacy breaches when it's a government, as opposed to a largely unaccountable multi-national corporation?

Nuttr indeed. Are you a shill, or do you just have your head in the sand? Or maybe you're one of those pliable goofballs that only care about privacy breaches when it's a government, as opposed to a largely unaccountable multi-national corporation?

Google was gathering info from networks that were wide open. It's no different than if someone else had just driven around gathering data. The people running those networks should have known to use encryption. And besides, Google stopped doing that anyway, so it's not even a big deal.

I'm not even going to read the rest if that's what you're going to start with.

I mean honestly, unless you're someone that is constantly doing illegal shit, I don't see how that's pertinent to you.

Today, SUSPECTED pedophiles (guess you don't believe in due process, eh?), tomorrow, dissidents... wait, no, dissidents are already in there too. I love the "if you're not doing anything wrong, you have nothing to worry about" arguments. Pull the other one, genius.

Will it tell you what Google is doing with your data? Who they're selling/leaking it to?

Will it tell you if Google is intentionally eavesdropping on wireless traffic in your area and recording the data they obtain?

Didn't think so.

But don't worry, Google is Teh Good Ghuys. Don't stop, belieeeeevin'... hold on to that poteeeeemkin village...

You said "intentionally". Google only intended to scan for SSIDs, which are broadcast by the APs specifically so that people will know that the networks exist. The rest of the data was captured by accident.Care to cite any documentation to back up what you're claiming here, or should I just chalk this up to a nutter on the webz?

Nuttr indeed. Are you a shill, or do you just have your head in the sand? Or maybe you're one of those pliable goofballs that only care about privacy breaches when it's a government, as opposed to a largely unaccountable multi-national corporation?

You said "intentionally". Google only intended to scan for SSIDs, which are broadcast by the APs specifically so that people will know that the networks exist. The rest of the data was captured by accident.

Google was gathering info from networks that were wide open. It's no different than if someone else had just driven around gathering data. The people running those networks should have known to use encryption. And besides, Google stopped doing that anyway, so it's not even a big deal.

Yes. A multinational with vans driving all over the world collecting data anywhere and everywhere, all the time, is no more of a worry than the guy in the apartment down the hall sniffing the local wireless networks.

You said "intentionally". Google only intended to scan for SSIDs, which are broadcast by the APs specifically so that people will know that the networks exist. The rest of the data was captured by accident.

So, Google "accidentally" had a packet sniffer running, instead of just an SSIDs scanner, and "accidentally" logged that data.

Incredulous doesn't begin to describe it. I'm a believer in Occam's razor, which (especially paired with Google's record of over-reach) squarely places this in the "intentional" category. Do you know how many "accidents" in software and operations would have to coincide for this to happen? It's possible, but unbelievably unlikely.

Will it tell you what Google is doing with your data? Who they're selling/leaking it to?

Will it tell you if Google is intentionally eavesdropping on wireless traffic in your area and recording the data they obtain?

Didn't think so.

But don't worry, Google is Teh Good Ghuys. Don't stop, belieeeeevin'... hold on to that poteeeeemkin village...

You said "intentionally". Google only intended to scan for SSIDs, which are broadcast by the APs specifically so that people will know that the networks exist. The rest of the data was captured by accident.Care to cite any documentation to back up what you're claiming here, or should I just chalk this up to a nutter on the webz?

Nuttr indeed. Are you a shill, or do you just have your head in the sand? Or maybe you're one of those pliable goofballs that only care about privacy breaches when it's a government, as opposed to a largely unaccountable multi-national corporation?

You said "intentionally". Google only intended to scan for SSIDs, which are broadcast by the APs specifically so that people will know that the networks exist. The rest of the data was captured by accident.

Nuttr indeed. Are you a shill, or do you just have your head in the sand? Or maybe you're one of those pliable goofballs that only care about privacy breaches when it's a government, as opposed to a largely unaccountable multi-national corporation?

1.) Google bowed to a legal order from Brazilian senate. What exactly is wrong about that?

2.) Google openly admitted the problem, apologized, provided evidence to others to know the extent of the issue, was fined, and has ceased the practice. Again, show me another company that would have openly admitted and not covered the whole thing up.

3.) Google censors information from their search results. That has nothing to do with disseminating private information--which was your entire argument, right? Admittedly, I don't agree with censorship, but as part of their initial agreement with China to even ALLOW their search in their country, they were required to censor whatever the government asked them. Someone can correct me if I'm wrong, but I believe that was the arrangement.

4.) Amazing. People install unknown applications on their phone--much the same as they do on their computers--and some of them have privacy issues. Again, how is this a Google issue when it's obviously the responsibility of the user?

Google was using off-the-shelf open-source scanning software, not something super-secret. The default setting logs more than just SSIDs, and they didn't think to change it because it was working fine. The head of the project offered to destroy all copies immediately (as soon as he found out the data existed), but the courts in various countries had to have a look at it to determine whether privacy had been breached, so destroying the data would have been tampering with evidence.

1.) Google bowed to a legal order from Brazilian senate. What exactly is wrong about that?

2.) Google openly admitted the problem, apologized, provided evidence to others to know the extent of the issue, was fined, and has ceased the practice. Again, show me another company that would have openly admitted and not covered the whole thing up.

3.) Google censors information from their search results. That has nothing to do with disseminating private information--which was your entire argument, right? Admittedly, I don't agree with censorship, but as part of their initial agreement with China to even ALLOW their search in their country, they were required to censor whatever the government asked them. Someone can correct me if I'm wrong, but I believe that was the arrangement.

4.) Amazing. People install unknown applications on their phone--much the same as they do on their computers--and some of them have privacy issues. Again, how is this a Google issue when it's obviously the responsibility of the user?

But yeah. Irony and all.

1.) You're missing the two larger implications. One, Google is now the arbiter of to what extent release of your personal data will be contested, not yourself. Two, Google will give up anything about you to anyone who makes a "lawful" request. Google's interpretation of "lawful" is very unlikely to match yours, when it comes to your own data.

2.) Blatantly false. They covered it up and stalled and delayed as long as they could, and lied to both the German and French governments (at minimum) about the extent of the issue while they decided on a damage control strategy. Read about the case before you comment. I seriously doubt we yet know (or ever will) the extent of the data archived.

3.) Again, "the local authorities told them to" is a good excuse if you're Google and you want to stay in business, but it obviously contravenes the public perception of them being some sort of champion of "good". Read more about the Chinese and other cases. They've not just censored results, but also released data on dissidents (Yahoo was publicly pilloried for this, but Google gets a pass). Google works with local authorities as long as the local authorities let Goog run and make money there. When that changes (Iran knocking out GMail, China hacking GMail accounts, Egypt "turning off the internet"), suddenly the Goog gets religion and makes a big show of being freedom fighters. What. Ever. How naive are people?

4.) Google provides a platform that is designed around capturing as much data as possible, because they want to do exactly that. We aren't talking about applications exploiting a vulnerability, which could happen anywhere. We're talking about applications "exploiting" the design of the platform. If people opt-in to this, that's their choice, but you'd have to be in extreme denial to think that Joe and Josie Average are aware of it when they buy a Droid down at the mall.

Google was using off-the-shelf open-source scanning software, not something super-secret. The default setting logs more than just SSIDs, and they didn't think to change it because it was working fine. The head of the project offered to destroy all copies immediately (as soon as he found out the data existed), but the courts in various countries had to have a look at it to determine whether privacy had been breached, so destroying the data would have been tampering with evidence.

Getting away from the typical "I hate Google because they're the next MS" vitriol, I think that this is a good and necessary thing for the consumer. I'm glad to see it being supported. Hope it works out.

Summary: if you're against EULAs when it comes to commercial software, but will excuse anything Google does based on "the victim should have read the ToS and known better!"... well, there's a word for that and it starts with h - y - p - o - c - r - i - s ...

Nuttr indeed. Are you a shill, or do you just have your head in the sand? Or maybe you're one of those pliable goofballs that only care about privacy breaches when it's a government, as opposed to a largely unaccountable multi-national corporation?

Did you read all of the articles you posted, or did you just search for any privacy related articles about Google? Did you use Bing to search? They do not give any tools to delete data they've collected on you, and even collect data about what you do in other sites. Anyway, about your articles:

The first is them complying with orders from the Brazilian government, which they initially refused.

The second is France suing over the wifi debacle. I'm willing to give Google the benefit of the doubt on this one, as all wireless scanners pick up unencrypted data, its just that they normally use filters to prevent writing it to disk. I'm sorry, but if privacy is important, you do not publicly broadcast your information. The wireless scanners had a legitimate purpose, it is used for geolocation when GPS is not available.

The third, while unfortunate, was Google China complying with Chinese laws and blocking searches related to a dissident. This, among other reasons, eventually prompted Google to pull out of china.

The fourth, is an idiot that does not understand how permissions work saying that google is responsible for when you give an application permission to share data and the application designer then shares that with third parties. All Android app installations prompt you with the permissions you need to grant the application and you need to accept before it will install. iOS/Windows Phone do not even tell you that much.

I do not work for and never have worked for Google or any of its affiliates.

ISP "Customer Service": How may I help you? *snicker*Me: You're throttling my service.ISP "Customer Service": What makes you say that?Me: This tool I'm using proves it.ISP "Customer Service": So?Me: So, stop.ISP "Customer Service": We have the right to throttle your service, at any time, for any reason.Me: Then I quit. Cancel my plan.ISP "Customer Service": I can't let you do that, Dave.Me: ...

The fourth, is an idiot that does not understand how permissions work saying that google is responsible for when you give an application permission to share data and the application designer then shares that with third parties. All Android app installations prompt you with the permissions you need to grant the application and you need to accept before it will install. iOS/Windows Phone do not even tell you that much.

I do not work for and never have worked for Google or any of its affiliates.

All of your arguments are either specious or profoundly immoral ("they were just doing what the genocidal dictator told them to!"), but I'll concentrate on this last one as an example.

1. You have your facts wrong. Or are misrepresenting them. You are prompted for certain permissions, but not all--and you are prompted to grant the APPLICATION access to data, not to authorize it to be relayed to unknown third parties.

2. I don't know about Windows Phone, but iOS has exactly the same sort of prompts... and they have a policy against relaying your data to any third parties.

3. You should be careful about calling normal people who don't know the details of every software platform "idiots", in the same breath that you demonstrate a lack of knowledge yourself.

Here's an excruciatingly detailed description of Google's software. http://static.googleusercontent.com/ext ... 060910.pdf (PDF). As you can see, the software was developed in 2006 and was later repurposed for use in the Google Street vehicles. The defaults were used, until May 6, 2010 when the configuration files were changed to discard all packet bodies (only header information is used now). It still looks like a simple misconfiguration to me, and not something that would require more than one accident without sarcasm quotes.

The fourth, is an idiot that does not understand how permissions work saying that google is responsible for when you give an application permission to share data and the application designer then shares that with third parties. All Android app installations prompt you with the permissions you need to grant the application and you need to accept before it will install. iOS/Windows Phone do not even tell you that much.

I do not work for and never have worked for Google or any of its affiliates.

All of your arguments are either specious or profoundly immoral ("they were just doing what the genocidal dictator told them to!"), but I'll concentrate on this last one as an example.

1. You have your facts wrong. Or are misrepresenting them. You are prompted for certain permissions, but not all--and you are prompted to grant the APPLICATION access to data, not to authorize it to be relayed to unknown third parties.

2. I don't know about Windows Phone, but iOS has exactly the same sort of prompts... and they have a policy against relaying your data to any third parties.

3. You should be careful about calling normal people who don't know the details of every software platform "idiots", in the same breath that you demonstrate a lack of knowledge yourself.

It was immoral to release information on government order to Brazil for investigation of pedophiles? They apparently agree that it was immoral to censor things in China, so they ceased operations there. The wifi thing was a mistake, and what is the moral thing to do when you make a mistake like that? Oh yeah, you report yourself to the authorities and ask them what they want you to do with the data, like they did. Back to number 4:

1. Is there any permission you are not prompted for on Android, other than basic things like video output, sound, and receiving input within the application? And yes, the user should expect that if they grant an application access to internet and access to their personal data on the phone there is a possibility that data will be collected. Apps that are found to be doing this should be banned from the marketplace, but that is a policy issue, not a breach of privacy on their part.

2. Maybe they have changed since I last used an iOS device, but when installing an app it did not tell you exactly what permissions the application was being granted, other than for location and possibly bluetooth. I agree that if it does not have one already, Google should have a policy that marketplace apps cannot share data with third parties, but that is a policy issue and would be difficult to enforce. Apple may have a policy in place, but how can they enforce it?

3. I was calling the writer of the article an idiot, not normal people. Someone writing an article should know the details of the software platform they are making statements about. The permissions prompt is based on the API. An application can only use the permissions it requests in the manifest file, and this file is used when generating the permissions prompt when installing an application. They cannot enforce how data is collected using this means, and neither can anyone else.

I wonder if Google will be including these tools as part of Measurement Lab (http://www.measurementlab.net/) Google is a partner with the site already and these tools would be great additions to what network test tools are available there.